
CiscoSecure AAA Server (Unix) -- Managing Profiles via CLI

e_martinez_ii
Level 1

Greetings All,

Am wanting to modify user profiles -- specifically, I am looking to apply or modify password expiry dates.

I understand the general profile structure and syntax, however, I am not able to modify the profile line to include the expiration string (e.g. until "31 Dec 2005") using the UpdateProfile (with -a option) or UpdatePassword commands in the CLI. I know this can be done, easily, using the Web interface, but the situation I am currently facing dictates use of either the CLI commands or direct modification of the user record in the CS database (and I'm no SQL guru).

Does anyone know how I can accomplish this, so that my user profiles will resemble the following:

User Profile Information

user = test{

profile_id = 41

profile_cycle = 4

member = ANALYSTS

password = clear "*******" until "31 Dec 2005"

}

Thanks in advance for any assistance.

Edwin Martinez II

PS If I can only accomplish this by direct modification of the database record(s), can you detail the appropriate SQL commands?

2 Replies

a-vazquez
Level 6

As to the access to the CLI, you can modify profiles with the UpdateProfile command:

UpdateProfile -q -p Port [-h Host] [-id Client id] <[-u User] OR [-g Group][-a attribute] [-s [Filename]]

Port - Port at which the dbserver is accepting connection.

Host - CiscoSecure's host name. (Not required if local)

Client id - Client's security id. (Not required if local)

User - Name of user to update.

Group - Name of group to update.

Profile - Profile attribute being updated.

-q - Suppress output to console.

I appreciate your reply, but maybe I wasn't clear.

I understand how to modify profiles using the UpdateProfile command. What is happening is that I cannot modify the password entry in the profile to change the expiration.

In regards to the sample profile provided:

user = test{

profile_id = 41

profile_cycle = 4

member = ANALYSTS

password = clear "*******" until "31 Dec 2005"

}

Say user "test" has allowed his password to expire. The profile contains this expiration date (in this case, 31 Dec 2005) which you can view using the command "ViewProfile -u test". You can also modify the password using the command "ChangePassword -u test -pr clear -opw oldPasswd -npw newPasswd" or, more preferable, "UpdatePassword -u test -pr clear -npw newPasswd". Regardless of how you change the password, the string representing the expiration date, " until "31 Dec 2005" ", remains unchanged.

I was hoping that the date could be changed using the following command:

UpdatePassword -a password = clear "******" until "1 Jan 2006"

However, this is not happening. The end result is a profile that has, subsequently, been thoroughly munged, and there is no other recourse but to delete and recreate the profile. Definitely an unnecessary choice, but there seems to be no other recourse.

Anyone with more insight???
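
An added example, not part of the original thread and not Cisco's code: a read-only audit of saved profile text that reports each user's password type and "until" date without ever reading the password value. The layout is assumed from the sample profile in this thread; the user "test2", the audit function and the rule that the "until" date is the last valid day are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample in the layout shown in this thread (not real ViewProfile output).
SAMPLE = '''
user = test{
profile_id = 41
profile_cycle = 4
member = ANALYSTS
password = clear "*******" until "31 Dec 2005"
}
user = test2{
profile_id = 42
profile_cycle = 1
member = ANALYSTS
password = clear "*******"
}
'''

# One "user = name{ ... }" block; the body runs up to the first closing brace.
USER_RE = re.compile(r'user\s*=\s*(\S+?)\s*\{(.*?)\}', re.S)
# Password type, a quoted value that is skipped (not captured), optional until "date".
PASS_RE = re.compile(r'password\s*=\s*(\w+)\s+"[^"]*"(?:\s+until\s+"([^"]+)")?')

def audit(text, today):
    """Return (user, password_type, expiry_date_or_None, status) per profile."""
    rows = []
    for user, body in USER_RE.findall(text):
        m = PASS_RE.search(body)
        if not m:
            rows.append((user, None, None, "no-password-line"))
            continue
        ptype, until = m.group(1), m.group(2)
        if until is None:
            rows.append((user, ptype, None, "no-expiry"))
            continue
        try:
            expiry = datetime.strptime(until, "%d %b %Y").date()
        except ValueError:
            rows.append((user, ptype, None, "unparsed-date"))
            continue
        # Assumption: the password is still valid on the "until" date itself.
        rows.append((user, ptype, expiry, "expired" if expiry < today else "valid"))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE, date.today()):
        print(row)
```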